191 matches found
shopify-scripts: SIGSEGV - vm.c - line:1214
PoC ------------------- The following code triggers the bug attached as testmrbvmexec1214.rb: def test instanceexec do return toenum:==end ensure end test Debug - mirb ------------------- gdb r testmrbvmexec1214.rb Starting program: /home/x/Desktop/research/3fuzz/mruby/bin/mirb testmrbvmexec1214....
Stack overflow
Hybris Management Console HMC in SAP Hybris before 6.0 allows remote attackers to obtain sensitive information by triggering an error and then reading a Java stack trace...
Microsoft Internet Explorer 9 - MSHTML CDispNode::InsertSiblingNode Use-After-Free (MS13-037) (1)
Microsoft Internet Explorer 9 - MSHTML CDispNode::InsertSiblingNode Use-After-Free MS13-037 1 window.onload=functionlocation.reload;; text .float float:left; .zoom zoom:3000%; .border::first-letter...
CVE-2015-8880
Removed by vendor...
CVE-2015-8880
CVE-2015-8880 is a PHP vulnerability described as a double free in the format printer that affects PHP 7.x up to but not including 7.0.1. The NVD entry specifies that remote attackers could trigger an error and cause an unspecified impact. The connected OpenVAS entries corroborate the same CVE an...
Code injection
OpenStack Ironic Inspector aka ironic-inspector or ironic-discoverd, when debug mode is enabled, might allow remote attackers to access the Flask console and execute arbitrary Python code by triggering an error...
Alcatel-Lucent CellPipe 7130 Router Cross-Site Scripting Vulnerability
The Alcatel-Lucent CellPipe 7130 Router is a router product from Alcatel-Lucent, France. A cross-site scripting vulnerability exists in the Alcatel-Lucent CellPipe 7130 Router. A remote attacker can exploit this vulnerability to inject arbitrary web script or HTML via the 'Custom application' fie...
CVE-2015-4587
Cross-site scripting XSS vulnerability in the Alcatel-Lucent CellPipe 7130 router with firmware 1.0.0.20h.HOL allows remote attackers to inject arbitrary web script or HTML via the "Custom application" field in the "port triggering" menu...
Cross site scripting
Cross-site scripting XSS vulnerability in the Alcatel-Lucent CellPipe 7130 router with firmware 1.0.0.20h.HOL allows remote attackers to inject arbitrary web script or HTML via the "Custom application" field in the "port triggering" menu...
CVE-2015-4587
Cross-site scripting XSS vulnerability in the Alcatel-Lucent CellPipe 7130 router with firmware 1.0.0.20h.HOL allows remote attackers to inject arbitrary web script or HTML via the "Custom application" field in the "port triggering" menu...
IIS 7 HTTP. sys vulnerability in-depth analysis-vulnerability warning-the black bar safety net
http. sys vulnerability range As the parties in-depth analysis, across a domain managed by Windows HTTP. sys vulnerability of the case is gradually surfaced. Yesterday's announcement of the information mentioned in the Http. sys is a Microsoft Windows processing the HTTP request the kernel driver...
Tunnelblick - Local Root Exploit (2)
No description provided by source. !/bin/sh Pwnnel Blicker for kids zx2c4 This is another exploit for Tunnel Blick. Other exploits for Tunnel Blick are available here: http://git.zx2c4.com/Pwnnel-Blicker/tree/ echo + Making vulnerable directory. mkdir -pv /tmp/pwn/openvpn/openvpn-0 echo + Prepari...
GTA SA-MP server.cfg - Local Buffer Overflow Vulnerability
No description provided by source. GTA SA-MP server.cfg Local Buffer Overflow Vulnerability 0day Date: 9-26-11 Author: SilentDream Software Link: http://team.sa-mp.com/files/samp03csvrR2-2win32.zip Tested on: XP SP3, Windows 7 Thanks to: corelanc0d3r & team, Metasploit, Exploit-db. No PPRs found...
CVE-2014-1745
Use-after-free vulnerability in the SVG implementation in Blink, as used in Google Chrome before 35.0.1916.114, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors that trigger removal of an SVGFontFaceElement object, related to...
D-Link Router Vulnerable to Reflected, Stored XSS
D-Link’s 2760N DSL-2760U-BN routers allegedly contain a number of stored and reflective cross-site scripting XSS vulnerabilities. Researcher Liad Mizrachi said he contacted D-Link to disclose the details of the bugs to them on six separate occasions – twice in August, twice in September, and once...
D-Link Router 2760N Cross Site Scripting
Advisory: D-Link Router 2760N DSL-2760U-BN Multiple XSS Author: Liad Mizrachi Vendor URL: http://www.dlink.com Status: Fixed CVE-ID: CVE-2013-5223 ========================== Vulnerability Description ========================== Multiple Cross-Site Scripting XSS vulnerabilities present in D-Link...
Netgear ProSafe - Denial of Service Vulnerability
Netgear ProSafe switches suffer from denial of service and unauthenticated startup-config disclosure vulnerabilities. import sys, getopt, urllib2 from subprocess import version = "0.1" author = "Juan J. Guelfo, Encripto AS email protected" Prints title and other header info def header: print ""...
Netgear ProSafe - Denial of Service
!/usr/bin/python Netgear ProSafe - CVE-2013-4776 PoC written by Juan J. Guelfo @ Encripto AS [email protected] Copyright 2013 Encripto AS. All rights reserved. This software is licensed under the FreeBSD license. http://www.encripto.no/tools/license.php import sys, getopt, urllib2 from subprocess...
Activating mobile malware with Music and Light Sensors
Researchers at the University of Alabama at Birmingham UAB presented the research that it is possible to trigger malware hidden in mobile devices using music, lighting, or vibration. In a research paper titled “Sensing-Enabled Channels for Hard-to-Detect Command and Control of Mobile Devices”, th...
OPC UA Set Triggering Request Command
...